Okta says the LAPSUS$ hacking group that's released data stolen from Microsoft, Samsung, and other companies only had access to its network for 25 minutes during a January data breach.
A "globally recognized cybersecurity firm"—which according to a leaked version of that firm's report is Mandiant—has completed its forensic investigation of the breach, the company says. It turns out the estimates Okta provided in March, which seemed like an attempt to downplay the extent of the breach, were actually overstated compared to the hack's true impact.
Okta says LAPSUS$ only managed to compromise one PC used by a Sitel support engineer for 25 minutes on Jan. 21. The group reportedly "accessed two active customer tenants within the SuperUser application" and "viewed limited additional information in certain other applications like Slack and Jira that cannot be used to perform actions in Okta customer tenants."
The company says it's notified the affected customers, which it hasn't identified, of the breach.
"While the overall impact of the compromise has been determined to be significantly smaller than we initially scoped," the company says, "we recognize the broad toll this kind of compromise can have on our customers and their trust in Okta."
Those concerns have prompted Okta to make a number of changes. The company says it's no longer working with Sitel, is reviewing its communications processes to better manage any future breaches, and is "strengthening our audit procedures of our sub-processors and will confirm they comply with our new security requirements" to reduce the risk of similar attacks.
"Okta will now directly manage all devices of third parties that access our customer support tools, providing the necessary visibility to
Read more on pcmag.com